<?php
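session_start();
require_once '../include/common.inc.php';
$page_title = 'JANSEN';

// Admin login / logout controller.
//   - action=logout (GET or POST): clears the AdminUser cookie and returns to index.php.
//   - POST admin_name + admin_pwd: checks the credentials against `user` rows with
//     `type` = 10, then sets the AdminUser cookie and redirects to main.php.
//   - an existing AdminUser cookie: redirects straight to main.php.
// Anything else falls through to the login form template with $alert_message.
//
// NOTE(review): nothing visible on this page limits repeated login attempts, and the
// validation-code check below is currently a no-op. Throttling or lockout should be
// confirmed elsewhere or added.
$alert_message = "Please enter your username and password to login. ";

$isLogout = (isset($_GET['action']) && $_GET['action'] === 'logout')
    || (isset($_POST['action']) && $_POST['action'] === 'logout');

if ($isLogout) {
    // NOTE(review): logout is also accepted over GET, so any page can trigger it
    // cross-site; consider requiring POST with a CSRF token.
    Cookie('AdminUser', '', 0);
    echo "<script>alert('Logout success.');location.href='index.php'</script>";
    exit;
} elseif (!empty($_POST['admin_pwd']) && !empty($_POST['admin_name'])) {
    $adminName = $_POST['admin_name'];
    $adminPwd  = $_POST['admin_pwd'];

    // NOTE(review): the posted validation code is not read; the original line
    //     $postValidCode = $_POST["validCode"];
    // is disabled and the session value is compared with itself, so this check
    // never fails. Re-enable it only together with the form field that submits it.
    $sessionValidCode = isset($_SESSION["loginauthcode"]) ? $_SESSION["loginauthcode"] : null;
    $postValidCode = $sessionValidCode;

    if ($postValidCode != $sessionValidCode) {
        $alert_message = "<font color=red>Invalid validcode! Please try again.</font>";
    } else {
        $loginOk = false;

        // The username is concatenated into SQL below. Whether common.inc.php escapes
        // request data is not visible from this file, so any value that is not a plain
        // string, or that contains a quote, backslash or NUL byte, is refused here
        // before it can reach the query. It gets the same generic failure message as a
        // wrong password.
        // TODO(review): switch to a parameterized query once the $db API is confirmed
        // to support one.
        $nameIsSafe = is_string($adminName)
            && is_string($adminPwd)
            && !preg_match('/[\'"\\\\\x00]/', $adminName);

        if ($nameIsSafe) {
            $rs = $db->get_one("SELECT password FROM user WHERE username='" . $adminName . "' and `type` = 10");

            // Strict comparison: with `==`, two numeric-looking hex strings are compared
            // as numbers and can match without being identical. A missing row never matches.
            // NOTE(review): passwords are stored as unsalted MD5, and the cookie token
            // below is derived from that hash. Moving to password_hash()/password_verify()
            // needs a schema and cookie-format migration.
            $loginOk = isset($rs['password'])
                && md5($adminPwd) === (string) $rs['password'];
        }

        if ($loginOk) {
            $sql = "UPDATE `user` SET `lastlogin` = `currlogin`, `currlogin` = '$timestamp' WHERE username='" . $adminName . "' and `type` = 10";
            $db->query($sql);
            $AdminUser = StrCode($timestamp . "\t" . $adminName . "\t" . md5(PwdCode(md5($adminPwd)) . $timestamp));
            Cookie('AdminUser', $AdminUser);
            header("Location: main.php");
            exit;
        } else {
            $alert_message = "<font color=red>Invalid username or password! Please try again.</font>";
        }
    }
} elseif (GetCookie('AdminUser')) {
    // Only the presence of the cookie is tested here; main.php is presumably
    // responsible for validating its contents. Confirm that it does.
    header("Location: main.php");
    exit;
} elseif (isset($_POST['action']) && $_POST['action'] === 'login') {
    // Login form submitted with an empty username or password.
    $alert_message = "<font color=red>Please enter your username and password to login. </font>";
}


require_once PrintEot('a_index');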

//$debug = 1;
//debuginfo();
//echo "<pre>";
//print_r($debuginfo);

?>